author | Nayna Jain <nayna@linux.ibm.com> | 2020-10-08 19:31:57 -0400 |
---|---|---|
committer | Oliver O'Halloran <oohall@gmail.com> | 2020-10-15 08:34:13 +1100 |
commit | f4c2dae830ed3dca39562b96ff0231001c802ef5 (patch) | |
tree | fab4cb0aefbd1a36094894a93cc52b0ffe21ca5c | |
parent | f901fcafae14d38e29f1cc11440086ee678785d0 (diff) | |
mowgli: Enable secvar support for Host OS Secure Boot
Secure variable support is needed for Host OS Secure Boot key management.
This needs to be enabled for each platform, as each platform needs to
select the storage and backend drivers to use. This patch adds secure
variable support to the mowgli platform.
Test Results:
After applying the patch, sysfs and device-tree show secvar entries correctly.
# cd /sys/firmware/secvar/
# ls
format vars
# cat format
ibm,edk2-compat-v1
# cd vars
# ls
KEK PK TS db dbx
# cat PK/size
0
# cat KEK/size
0
# cat TS/size
64
# cat db/size
0
# cat dbx/size
0
# ls /proc/device-tree/ibm,secureboot/
compatible hw-key-hash-size name secure-enabled
hw-key-hash ibm,cvc phandle trusted-enabled
# ls /proc/device-tree/ibm,opal/secvar/status
/proc/device-tree/ibm,opal/secvar/status
# ls /proc/device-tree/ibm,opal/secvar/
compatible max-var-key-len name status
format max-var-size phandle update-status
# cat /proc/device-tree/ibm,opal/secvar/status
okay#
# cat /proc/device-tree/ibm,opal/secvar/format
ibm,edk2-compat-v1#
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.ibm.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
-rw-r--r-- | platforms/astbmc/mowgli.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/platforms/astbmc/mowgli.c b/platforms/astbmc/mowgli.c
index 265cab3..b31a656 100644
--- a/platforms/astbmc/mowgli.c
+++ b/platforms/astbmc/mowgli.c
@@ -11,6 +11,7 @@
 #include <ipmi.h>
 #include <psi.h>
 #include <npu-regs.h>
+#include <secvar.h>
 #include "astbmc.h"
@@ -45,6 +46,10 @@ static bool mowgli_probe(void)
 return true;
 }
+static int mowgli_secvar_init(void)
+{
+ return secvar_main(secboot_tpm_driver, edk2_compatible_v1);
+}
 DECLARE_PLATFORM(mowgli) = {
 .name = "Mowgli",
@@ -61,4 +66,5 @@ DECLARE_PLATFORM(mowgli) = {
 .exit = astbmc_exit,
 .terminate = ipmi_terminate,
 .op_display = op_display_lpc,
+ .secvar_init = mowgli_secvar_init,
 }; |
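Review bot: The failure path of `mowgli_secvar_init` (second hunk) is neither visible nor documented. It forwards the result of `secvar_main()`, but the caller of the `.secvar_init` hook wired up in the third hunk is outside this diff, so these hunks cannot confirm that a non-zero result is acted on. Because the storage driver is `secboot_tpm_driver`, it is worth stating what the platform does when the TPM or the secure variable storage is unavailable. The test output in the description only covers the unprovisioned case, with PK, KEK, db and dbx all at size 0. I would add a comment above the function such as `/* Secure variables: secboot_tpm storage driver with the edk2-compat-v1 backend; returns secvar_main()'s status (presumably 0 on success, confirm against secvar.h). */`.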